I started playing around with DNSCrypt yesterday and have it running now at home (on Linux). Seems to be working. I guess you could run several of these, each proxying for a different DNSCrypt resolver, and then use each one as a forwarder for your normal caching nameserver, to get some redundancy (but so far I'm just using one).

I'm running it as an unprivileged user, dnscp, created for this purpose. When I do this there are two dsncrypt-proxy processes running, one as root and one as dnscp. Any idea if that's what's supposed to happen?

I was also wondering about using this at public access WiFi (the proverbial "coffee shop" mentioned in README.markdown). This would be a place it is most useful. I'm not sure how well it would mesh with the hotspot start-up procedures sometimes though. Has anyone had any problems with that?

I'm running it as an unprivileged user, dnscp, created for this purpose. When I do this there are two dsncrypt-proxy processes running, one as root and one as dnscp. Any idea if that's what's supposed to happen?

On my OpenBSD router I only have one process, ran with "_dnsrypt-proxy" user. I have dnscrypt v1.4.0 installed. But may be Linux handles it differently I don't know.

About using a VPN + DNScrypt on a public place using Wifi, if it's to protect your laptop yes it would definitely be useful.

On my OpenBSD router I only have one process, ran with "_dnsrypt-proxy" user. I have dnscrypt v1.4.0 installed. But may be Linux handles it differently I don't know.

Thanks, same version of DNSCrypt here, I'll have to investigate this a bit more.

Quote:

About using a VPN + DNScrypt on a public place using Wifi, if it's to protect your laptop yes it would definitely be useful.

Yes it would be very useful. I was just thinking that some places may only allow regular DNS to get through until you agree to their Terms&Conditions, and so on. Of course it will depend on the hotspot. Again something for future investigation as opportunity permits.

PolarSSL has already been integrated with OpenVPN and its options -- ciphers, key management -- may be more apropos to integration with non-OpenBSD platforms.

However, that is entirely conjecture. I have not seen any traffic regarding this on ports@ or misc@ or tech@, and I haven't used OpenVPN in more than 15 years.

For more than guesses, you might ask Stuart Henderson. He's the developer doing the work, according to the log.

We use at work OpenVPN. I run OpenVPN server on OpenBSD of course. I read OpenVPN documentation back and forth several times but this is the first time I hear about PolarSSL. OpenSSL sucks of course but it is so tightly integrated with many packages that even LibreSSL people concede that was the sole reason they forked OpenSSL instead using some other much better alternatives as a starting point.

I'd only learned of the software through a response to one of the recent OpenSSL articles on the OpenBSD Journal, and once I saw the CVS log in the port I looked for and found a history and status of the OpenVPN integration work. As I mentioned, I haven't used OpenVPN in a very long time for VPNs and I know nothing about PolarSSL.